CVE-2007-2832

CVE Database · CVE-2007-2832

CVE-2007-2832

· N/AModified

CVSS v3.1

N/A

EPSS

6.49%

Published

May 23, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBCisco CallManager 4.1 - Search Form Cross-Site Scripting

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.

Affected Products (19)

cisco · call_managervulnerable

References (18)

http://marc.info/?l=full-disclosure&m=117993122727006&w=2

ExploitVendor Advisory

http://secunia.com/advisories/25377

PatchVendor Advisory

http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html

http://www.osvdb.org/35337

http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977

http://www.securityfocus.com/bid/24119

http://www.securitytracker.com/id?1018105

http://www.vupen.com/english/advisories/2007/1922

https://exchange.xforce.ibmcloud.com/vulnerabilities/34465

http://marc.info/?l=full-disclosure&m=117993122727006&w=2

KEV Catalog EPSS Scores Vendors All CVEs